Qualcomm has detailed six high-priority vulnerabilities — including a critical secure boot flaw (CVE-2025-47372). Additional issues affect TZ Firmware, HLOS components, DSP, audio, and camera modules.

OEMs are receiving patches and users may need to check manufacturer timelines for deployment.
Follow us for more non-sensationalized security reporting.

Source: https://gbhackers.com/qualcomm-alerts-users-to-critical-flaws/

#Infosec #Qualcomm #SecureBoot #FirmwareSecurity #ThreatIntel #TechNadu #CVEs #DeviceSecurity

NVIDIA has released a critical DGX Spark firmware update addressing 14 vulnerabilities - including CVE-2025-33187 (CVSS 9.3), which enables malicious code execution and access to protected SoC regions.

Firmware flaws in AI workstations can impact model integrity, training data, and system stability.

Organizations using DGX Spark should patch immediately.

Source: https://cybersecuritynews.com/nvidia-dgx-spark-vulnerabilities/#google_vignette

What’s your view on firmware security in AI-focused hardware?
Follow us for more analysis.

#infosec #NVIDIA #DGXSpark #CVE #AIsecurity #firmwaresecurity #patchnow #securityupdate

The Commerce Department’s proposed ban on TP-Link routers underscores growing scrutiny of supply-chain trust and firmware control.

Agencies found persistent links between the U.S. entity and its Chinese counterpart, citing firmware and infrastructure exposure risks.
While TP-Link denies foreign influence, the case spotlights the intersection of technical risk and geopolitical oversight.

How do you assess supplier integrity in environments dependent on third-party networking hardware?

💬 Add your perspective & follow @technadu for continued threat intelligence coverage.

#Infosec #TPLink #SupplyChainSecurity #FirmwareSecurity #CyberRisk #NationalSecurity #CyberDefense #TechNews #SecurityCommunity #CyberIntel

Is your IoT firmware secure? 🛠️🔒

EMBA is a powerful open-source firmware security analyzer. It handles *firmware extraction*, *static analysis*, *emulation*, and builds SBOMs—all while scanning for outdated binaries, hardcoded creds, and more. Outputs an actionable web report for devs & testers.

#FirmwareSecurity #IoTSecurity

🔗 Project link on #GitHub 👉 https://github.com/e-m-b-a/emba

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

“Exploitability isn’t one thing; it’s multiple layers that work together.” — Michael Scott, CTO @NetRise_io
Scott breaks down how firmware analysis, SBOM dashboards, and AI triage expose real exploitability—not just theoretical risk.

Full interview:
https://www.technadu.com/how-firmware-risks-are-exposed-through-sbom-mapping-exploitability-checks-and-smarter-ai-powered-defenses/610106/

#FirmwareSecurity #AI #SBOM #SupplyChainRisk

🚨 BadCam Attack — Remote BadUSB for Linux Webcams
Eclypsium research shows how attackers can reflash Linux-based webcams to persistently re-infect hosts, even after OS reinstalls.

Tested on Lenovo 510 FHD & Performance FHD Web — flaw tracked as CVE-2025-4371, fixed in FW 4.8.0. Linked kernel flaw CVE-2024-53104 exploited in the wild.

💬 Are your USB peripherals part of your patching & monitoring strategy?

#CyberSecurity #BadUSB #FirmwareSecurity #LinuxSecurity #PersistenceThreat #Lenovo

Boot ROM and Security for Enterprise SSDs – Protecting Data at the Hardware Level

📱 Learn More with Piembsystech
🔗 Download: https://play.google.com/store/apps/details?id=com.piembsystech&pcampaignid=web_share
🌍 Website: https://piembsystech.com/boot-rom-in-bootloader/

#BootROM #EnterpriseSSD #AutomotiveCybersecurity #EmbeddedSystems #SecureBoot #VehicleElectronics #ECUDevelopment #AutomotiveEngineering #DataSecurity #CyberSecurity #AutomotiveTech #AutomotiveSecurity #FirmwareSecurity #HardwareSecurity #IoTDevices #ConnectedVehicles #AutomotiveInnovation #AUTOSAR

🚨 Cisco’s Talos found firmware flaws in Dell’s ControlVault3 module that let attackers bypass Windows login, implant persistent code, and spoof biometric access. 😳 Physical access is required—but the implications are serious for corporate and government users running Latitude or Precision devices. The kicker? These implants can survive a full OS reinstall. Patches started rolling out in March, but given Dell’s track record with slow firmware patch uptake, many systems are likely still vulnerable. 🤦🏻‍♂️

TL;DR
⚠️ ReVault flaw affects Dell business laptops
🧠 Exploits fingerprint, smartcard, OS login
🔐 Implant survives OS reinstalls
🛠️ Firmware patch available since March

https://cybersecuritynews.com/dell-laptops-vulnerability/
#ReVault #FirmwareSecurity #DellLatitude #CyberRisk #security #privacy #cloud #infosec #cybersecurity

“IoT PenTest Blitz” is coming to #DEFCON32!

Join us in the #AppSecVillage to:
🔍 Analyze real firmware
🛠️ Build your attack chain
🏆 Rack up points like a pro

Swing by & show us what you’ve got.

#IoTSecurity #PenTestBlitz #FirmwareSecurity #Cybersecurity

Source code scans ≠ full security.

Firmware hides risks SCA tools can’t see: proprietary binaries, vendor code, secrets, misconfigs.

Discover why firmware analysis is essential for secure connected products 👉 https://finitestate.io/blog/firmware-vs-source-code-security

#FirmwareSecurity #IoTSecurity

If it’s not in the manifest, most tools won’t catch it. But unreferenced or outdated components can still be present & exploitable.

Watch this clip from our latest webinar to learn more, & catch the full conversation here 👉 https://info.finitestate.io/the-future-of-iot-security
#FirmwareSecurity #IoTSecurity

Critical vulnerabilities exploited! Learn how to protect your networks. #VulnerabilityDisclosure #FirmwareSecurity #MitigationStrategies https://redoracle.com/News/Critical-Exploited-Vulnerabilities-Threatening-Networks.html

Most #SBOM tools rely on declarations.

Finite State looks at what’s actually on the device & how it behaves.

📽️ Catch this moment from our webinar to see how execution-aware analysis changes the game.

https://info.finitestate.io/the-future-of-iot-security

#FirmwareSecurity #VulnerabilityManagement

Two days until #BSidesBoulder25 and only 15 tickets remain! Today we highlight, two #BSidesBoulder25 talks: Andrew Brandt's "Smashing Smishing by Quashing Quishing" and Eric Harashevsky's "Firmware Readout Bypass in STM92 (Don't put this in an alarm control panel).

Andrew's talk will examine QR-based phishing attacks, how attackers are exploiting QR codes and SMS to steal credentials and MFA tokens, and how a cross-industry collaboration between mobile vendors, telcos, and the infosec community could finally slam the door on mobile phishing. Think SafeBrowsing, but for QR scans! And we promise that our BSidesBoulder event QR codes will not redirect you to an Andrew-controlled C2 server.

Eric's talk will explore his adventure tinkering with an old STM92's firmware - the talk will explore his findings, reverse engineering the legacy microcontroller, bypassing firmware protections, and what that means for devices still hanging on your wall! Expect a live demo that is sure to excite your future hardware hacking journey.

#BSides #BSidesBoulder #CyberSecurity #Quishing #Smishing #MobileSecurity #PhishingDefense #HardwareHacking #FirmwareSecurity

Check out our full schedule at https://bsidesboulder.org/schedule/

Tickets are available for purchase for our 13 June event here: https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389

Missed our webinar last week?

Watch the on-demand recording of “The Future of IoT Security – A Modern Approach to Scanning” now → https://info.finitestate.io/the-future-of-iot-security

#IoTSecurity #SBOM #FirmwareSecurity #CyberResilience #ProductSecurity #DevSecOps #PenTesting

We're honored to be featured in Omdia’s latest report spotlighting the leaders in firmware & #SoftwareSupplyChainSecurity 🎉

Read the full report to explore what sets us apart 👉 https://omdia.tech.informa.com/om129716/omdia-market-radar-firmware-and-software-supply-chain-security-2025

#ProductSecurity #SBOM #IoTSecurity #FirmwareSecurity #Omdia

Traditional tools miss the real IoT risks.

We’re breaking it all down in our next webinar: The Future of IoT Security https://lnkd.in/g8-ntqY5

Cue Larry Pesce, VP of Services, & unofficial 👑 of webinars, to tell you more.

#IoTSecurity #SupplyChainSecurity #FirmwareSecurity

What does it really take to build secure, auditable firmware today?

In the latest episode of Nerding Out with Viktor, I sat down with Joshua Watt (Garmin) and Ross Burton (ARM) to dig into how the Yocto Project, SBOMs, and SPDX 3.0 are changing how we ship and maintain embedded Linux at scale.

We get into:
*Why SBOMs need to be generated at build-time, not after
*How SPDX 3.0 helps with license clarity and deep package tracking
*Why VEX metadata matters when it’s time to triage real vulnerabilities
*Build determinism, OTA failures, and surviving 15-year product lifecycles
*What the Cyber Resilience Act means for your toolchain

Whether you’re deep in firmware or just trying to ship connected products without getting buried in compliance debt, this one’s worth a listen.

Listen here: https://vpetersson.com/podcast/S02E09.html

#Yocto #EmbeddedLinux #SBOM #SPDX #FirmwareSecurity

BIOS level hacking has always been one of the stealthiest and most dangerous forms of attack. Operating beneath the OS, malware embedded in firmware can survive drive wipes and reinstalls. While rare, these attacks are very real. From state actors using BIOS implants for espionage to researchers demonstrating how firmware can be weaponized, this layer is often ignored until it is too late. Projects like Libreboot and Coreboot aim to replace proprietary firmware with open alternatives, giving users more control and reducing the risk of hidden vulnerabilities.

#FirmwareSecurity #BIOSHacking #Coreboot #Libreboot #CyberSecurity #LowLevelThreats #OpenSourceSecurity

🚀 BLU: The Smart Solution for Embedded Bootloader Upgrades 🛠️

🔗 Read more: https://piembsystech.com/bootloader-updater-blu/

#EmbeddedSystems #Bootloader #FirmwareUpdates #AutomotiveECU #IoT #IndustrialAutomation #SecureFirmware #CANProtocol #OverTheAirUpdates #EmbeddedSoftware #Piembsystech #OpenSourceLearning #Microcontrollers #FirmwareSecurity #CANFD #IoTDevices #LinuxEmbedded #RealTimeSystems #HILTesting #EmbeddedNetworking #AutomotiveCyberSecurity #FirmwareDevelopment #MicrocontrollerProgramming #OTAUpdates